Scientia Limited

Resource Booker

Resource Booker empowers users to make and manage their own room and resource bookings. Rooms and resources are valuable assets and managing them effectively, with full booking rules and approval processes, across multiple sites is one of the biggest challenges faced by educational institutions and organisations today.

Features

  • Remote access from any device
  • Permissions managed in Resource Booker or linked to Active Directory
  • Comprehensive administrator controls - determine who can book what, when
  • Configurable approval process with customer defined booking rules / quotas
  • Book room and multiple resources in a single booking request
  • Responsive design ensures Resource Booker looks great on any device
  • Configurable request, acceptance, rejection, cancellation email notifications
  • Fast to deploy, scalable for insitutions of any size
  • Includes API broker to provide room information to third parties
  • Integration with the Scientia timetabling application - Syllabus Plus

Benefits

  • Enables stakeholders to quickly make bookings anytime, anywhere
  • Encourages the best possible utilisation of costly rooms and resources
  • Ensures a fair and equitable booking system for all
  • Improves student and staff satisfcation
  • Improves the overall student experience
  • Email notifications keep users constantly informed on booking status
  • Intuitive user interface is designed to enable use without training
  • Empowers users to manage own bookings, reducing administrative burden
  • Save time by intregrating with existing timetable data
  • Ensure room data is transparent across the system landscape

Pricing

£7,700 to £15,595 an instance a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david_neal@scientia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 7 7 7 6 3 2 5 9 9 5 4 7 3 1

Contact

Scientia Limited David Neal
Telephone: 07850726634
Email: david_neal@scientia.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Scientia Syllabus Plus scheduling application
Cloud deployment model
Public cloud
Service constraints
The product can be used as a standalone booking tool by any institution but for those using Scientia's Syllabus Plus scheduling application, full integration is provided.
System requirements
Internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
All customers are provided with a standard SLA outlining all response times based on the priority of the support issue. Priority issues will receive a response within a maximum of 2 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Scientia has a support helpdesk service that provides first, second and third line customer support. We provide customers with a standard Service Level Agreement (SLA) with published response and resolution targets. Annual subscription pricing for software licensing includes full product and technical support as well as all software upgrades.

Where our standard SLA does not meet the requirements of any given customer, we can provide at additional cost a 'Premium Service' and this can include faster resolution times, dedicated support engineer etc. The Premium Service can be tailored to the customer's needs and therefore pricing is dependent on the specific requirement. Our support team is located in Cambridge UK .

Scientia provides customers with a 'DevOps' team that includes technical engineers and support specialists but in general a customer will not be dedicated a specific team member. Rather, our customers have a dedicated Implementation Consultant and Account Manager who will ensure all customer issues with regard to product, support, commercials etc. are dealt with and resolved satisfactorily.
Support available to third parties
No

Onboarding and offboarding

Getting started
Scientia offers full configuration and set-up consultancy to ensure the solution meets the specific booking requirements of the customer.

Focused administrator training is provided during the implementation however we also offer half day sessions either remotely or online for additional staff training. As the product is so intuitive, institutions will normally save money by using their administrator to cascade training internally to other users.

Full user documentation is also provided.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
On contract expiry, Scientia will ensure all customer data held in the application is returned in an agreed standard format but typically we also retain this data in a limited-function Microsoft Azure account for a 90 day retention period before permanent deletion of the data. This 90 day 'cooling off' period gives the customer the opportunity to review the decision to terminate or extend the contract however following the 90 days, the Azure account will be fully disabled including any backup copies.
End-of-contract process
Three months before contract expiry, customers will be contacted to either renew the service or end the contract. In the event the contract is renewed, Scientia will agree a new contract offering that will include all Resource Booker software subscription licensing, telephone and web support services, all software upgrades and dedicated account management. Prices may only increase if for example the student population of the customer has risen significantly since the original contract.

If the contract is ended, Scientia will ensure all data is returned in the customer in an agreed format and we would request an exit meeting to understand any reasons for the decision. The customer will then be free to transition to an alternative service provider.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The Resource Booker cloud service is supported on both small screen (e.g. smartphone) and large screen (e.g. tablet and PC) devices. Scientia is committed to responsive web design as a core part of our development function, ensuring the best possible usability of our web technologies regardless of the device on which they are accessed. Our web delivered solutions contain web pages that detect the user's operating platform, screen size and orientation and change the layout accordingly for the device. Ultimately no functionality is lost between mobile and desktop.
Service interface
No
API
Yes
What users can and can't do using the API
For interoperability with other applications across the University application eco-system, we support industry standards such as RESTful APIs, Web Services, JSON and XML among others. Our Resource Booker cloud application contains a fully documented API providing REST endpoints that can be used to read and/or create various data records e.g. to provide room availability data to external systems.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Resource Booker is a fully configurable solution and typically system configurations are applied by the Implementation Consultancy team during the initial roll out of the service following consultation with the customer.

This includes the use of a user-friendly URL and changing the content of welcome screens. Within the application, the customer can specify time and day ranges when bookings are acceptable (for example, 08:00 to 20:00, Monday to Friday).

Booking forms for particular rooms / resources can also be customised, so that relevant data can be captured for each particular type of booking.

Logos, fonts and colour schemes are also customisable, as well as the format and make-up of booking reference numbers within the system.

Scaling

Independence of resources
The Microsoft Azure platform on which we have chosen to deploy our Resource Booker service allows the application to benefit from the scalability of the critical resources and services it uses. Azure is designed to be scalable during periods of peak usage to ensure continued high performance. This gives us the ability to rapidly scale our applications in the cloud in response to changes in user demand. This means there is an automatic increase in processing power during instances when user traffic is exceptionally high ensuring that no end-users are inconvenienced despite the peak in demand for the service.

Analytics

Service usage metrics
Yes
Metrics types
Resource Booker includes a dashboard containing high level usage analytics over the last 90 days. Scientia are also able to make available to customers monthly and annual service availability statistics on request.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported by users via CSV / Excel
Data export formats
CSV
Data import formats
Other
Other data import formats
Plug-in available to upload from Scientia's Syllabus Plus timetabling application

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Our standard SLA offers a 99% target for service availability. At this time, our standard SLA and list pricing does not include a service credit regime. Should a customer wish to include a service credit regime in their SLA to compensate for missed service levels this can offered via a bespoke Premium Service offering.
Approach to resilience
We work with Microsoft to ensure resiliency and high availability strategies are in place to manage any temporary failure conditions. Our disaster recovery plans are focused on recovering from a catastrophic loss of application functionality for any particular reason. For example, if the primary Azure hosting centre becomes unavailable, a plan is triggered to run the Scientia application suite with full access to customer data in another EU hosting region. This infrastructure supports several disaster recovery scenarios, such as system-provided geo-replication of the cloud service to secondary regions.
Outage reporting
We will inform customers of outages via email alerts that can be automated from our support web service.

Identity and authentication

User authentication needed
Yes
User authentication
Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Resource Booker supports role-based authorisation, based on claims provided by the customer's identity provider. Specified users can be granted administrator rights otherwise users are granted rights to view information only and cannot amend or delete core room and resource information.

For booking purposes, administrators can create User Groups and add individuals to these groups or map to existing Active Directory groups. Bookings of rooms and resources can be restricted to specific user groups, with a library rules available to give finer control.

Only a strictly limited number of Scientia employees have responsible for ongoing application support within the Azure infrastructure.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
03/05/2018
What the ISO/IEC 27001 doesn’t cover
We have full ISO 27001 certification covering the Information Security Management System of the Scientia business and is applicable to the design and supply of our software applications with associated consultancy and training.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Scientia has an Information Security policy that is made available to all staff and is covered with all new employees during induction. Our policy covers physical access to premises and equipment, access to IT networks, password policies, secure checking of new employees.

Our policy commits to protecting data from loss, destruction, falsification, unauthorised access and unauthorised release, in accordance with legislatory, regulatory, contractual and business requirements.

Scientia has a full set of procedures in place to detect, report and investigate on any personal data breach. Where any breach might result in a risk to the rights of any individual(s), Scientia will notify the customer with details of the data that has been compromised, how the breach occurred and how such a security failure is being addressed both from a technical and procedural aspect. The process will be managed by our Data Protection Officer, who will perform a full analysis of the facts and assess the situation to determine the nature and scope of the incident. Where the breach requires further action, this will be escalated to Board level.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Scientia follows ITIL guidance for change management and we apply our process to software upgrades throughout the product life-cycle, typically adhering to the following procedure:

- Request for change is submitted - impact, risks (operational and security) and benefits of change considered by Product Management.

- If accepted, formal planning for the change introduction takes place.

- An internal change owner or sponsor is appointed, working with stakeholders to ensure full scope of change is delivered.

- The change goes through comprehensive testing programme.

- The change is delivered into preview environments before deployment in Live. Release notes are updated.
Vulnerability management type
Undisclosed
Vulnerability management approach
Scientia's DevOps team, working closely with our hosting partners Microsoft and independent CREST approved penetration testing companies ensure that Scientia has a vulnerability management process to help quickly detect and remediate vulnerabilities.

Whereas Microsoft performs vulnerability scans on the application and databases in the Azure environment, Scientia is responsible for all scanning, penetration testing and intrusion detection for our Cloud service applications.

DevOps teams analyse identified vulnerabilities, determine associated risks and prioritise remediation plans including patching where appropriate. Patches are deployed in line with SLAs depending on the urgency of the threat and can be same-day for critical level incidents.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Scientia's hosting partners Microsoft provide the Azure Cloud infrastructure that is resilient to attack, safeguards user access and keeps data stored in our applications secure through encrypted communications, threat management and mitigation practices.

Unauthorised traffic to Microsoft datacentres is blocked using various of technologies. Azure offers Microsoft Anti-malware, intrusion detection, denial-of-service (DDoS) attack prevention, and regular penetration testing to mitigate threats to the Scientia Cloud platform.

We deploy tools enabling analysis of system availability, performance, failures, and usage to make informed security considerations throughout the development cycle. Compromises are flagged instantly and measures designed and implemented to neutralise identified threats.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Scientia is ISO:27001 compliant - our approach to incident management is in line with this standard.

Incidents are reported via telephone or email to our helpdesk. These are investigated by technical engineers with our data protection officer who perform a preliminary analysis of the incident and extent of the potential breach.

Compromised data is identified and individuals affected informed. The source of compromise is investigated and measures taken to control the incident, preventing further unauthorized access to or use of personal information.

Scientia provide the customer with a summary report of findings and steps taken to mitigate the situation recurring.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7,700 to £15,595 an instance a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Scientia can provide trial options for our Cloud service application that will include the full suite of functionality, using test anonymised data.

This is usually provided cost-free and time limited on a customer by customer basis.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david_neal@scientia.com. Tell them what format you need. It will help if you say what assistive technology you use.